Wireless local area networks (wireless LANs, or WLANs) have changed the landscape of computer networking. The use of mobile computing devices, such as laptops and personal digital assistants, coupled with the demand for continual network connections without having to “plug in,” are driving the adoption of enterprise WLANs.
A WLAN allows end users to access e-mail, schedule meetings, and access files and applications on the corporate or university network from conference rooms, classrooms, co-workers' desks, and virtually anywhere. With wireless networking, regardless of where they are in a facility, end users are just a mouse-click away from key information and applications.
With the increased reliance on WLANs, businesses are increasing more concerned about network security. With a WLAN, transmitted data is broadcast over the air using radio waves. This means that any wireless client within an access point (AP) service area can receive data transmitted to or from the access point. Because radio waves travel through ceilings, floors, and walls, transmitted data may reach unintended recipients on different floors or even outside the building that houses the AP. With a WLAN, the boundary for the network has moved. Without stringent security measures in place, installing a WLAN can be the equivalent of putting Ethernet ports everywhere, including the parking lot.
As with other networks, security for WLANs focuses on access control and privacy. Traditional WLAN security includes the use of Service Set Identifiers (SSIDs) using open or shared-key authentication, static Wired Equivalent Privacy (WEP) keys and optional Media Access Control (MAC) authentication. This combination offers a certain level of access control and privacy, but each element can be compromised.
The 802.11 standard is a group of specifications for WLANs created by the Institute of Electrical and Electronics Engineers Inc. (IEEE) and supports two means of client authentication: Open and Shared-Key authentication. Open authentication involves little more than supplying the correct SSID. With shared-key authentication, the AP sends the client device a challenge text packet that the client must then encrypt with the correct WEP key and return to the access point. If the client has the wrong key or no key, authentication will fail and the client will not be allowed to associate with the access point. Shared-key authentication is not considered secure, because a hacker who detects both the clear-text challenge and the same challenge encrypted with the WEP key can decipher the WEP key.
With open authentication, even if a client can complete authentication and associate with an AP, the use of WEP prevents the client from sending data to and receiving data from the AP, unless is the client has the correct WEP key.
FIG. 1 illustrates the transactions involved in client authentication in the 802.11 specification. Initially, during the “discovery” phase, a mobile node (MN) client 10 broadcasts a probe request frame 20 on several channels. Access points 12 of the wired network 14 within range respond with a probe response frame 22. The client 10 then decides which access point 12 is best for access and sends an authentication request 24 initiating the “authentication” phase. The access point 12 sends an authentication reply 26. Upon successful authentication, the client 10 commences the “association” phase by sending an association request frame 28 to the access point 12. The access point then replies with an association response 30 and, thereafter, the client is then able to pass traffic to and receive traffic from the access point.
It has been recognized that vulnerabilities exist in the 802.11 authentication and data privacy schemes. To that end, the IEEE has adopted 802.1X as a new standard for session authentication on wired and wireless networks. This standard can provide WLANs with strong, mutual authentication between a client and an authentication server. In addition, 802.1X can provide dynamic per-user, per-session keys that can be used to protect the data-link layer, removing a set of administrative burdens and security issues surrounding static WEP keys.
Several 802.1X authentication types exist, each providing a different approach to authentication while relying on the same framework and the Extensible Authentication Protocol (EAP) for communication between a client and an AP. Mutual authentication is implemented between the client and an authentication server (AS), for instance, a remote authentication dial-in user service (RADIUS) server. The credentials used for authentication, such as a log-on password, are never transmitted in the clear, or without encryption, over the wireless medium.
Generally, a supplicant station (STA) such as a mobile node (MN) discovers the AP's security policy through passively monitoring beacons or through active probing. If 802.1X authentication is used, however, the EAP authentication process starts when the AP sends an EAP-request 32 as shown in FIG. 2 or when the STA sends an EAPOL-start message 34. EAP authentication frames 36 pass between the supplicant and application server via the authenticator and supplicant's uncontrolled ports as shown in FIG. 2. The supplicant and authentication server authenticate each other (e.g., EAP-TLS) and generate a Pairwise Master Key (PMK). The PMK 38 is sent from the AS to the authenticator over the secure channel as shown in FIG. 2. Those skilled in the art recognize that the PMK is established by a successful authentication. This is the term used in both the IEEE 802.11 security focused task group ‘i’ (TGi) and WiFi's Wireless Protected Access (WPA) draft specification and is a key used to derive the Pariwise Transient Keys or PTKs used to protect the 802.11 data frames.
Lastly, as shown in FIG. 3, a 4-way handshake 40 utilizing 802.1X EAPOL-key messages is initiated by the authenticator to permit secured general data traffic. The 4-way handshake confirms the existence of the PMK and also confirms that the PMK is current. A Pairwise Transient Key (PTK) is derived from the PMK during the 4-way handshake. Also, unicast encryption and integrity keys are installed into the 802.11. A Group Transient Key (GTK) is transported from the authenticator from the supplicant and the GTK is installed in the STA, and in the AP if not already installed. Lastly, the ciphersuite selection is confirmed.
While current key management schemes provide security associations, they lack the required elements for optimizing the transition of a client as it moves from one access point to another. Realtime devices such as phones require the ability to seamlessly roam with little or no disruption to their security association. One solution has been proposed in an attempt to minimize handoff process delays and is shown in FIG. 4. As shown there, the so-called “IEEE 802.1X pre-authentication”protocol involves including a pre-authentication exchange 50 between the discovery phase 52 during handoff and the re-association exchange portion 54 of the overall re-authentication process 56. The intervening step is an attempt to minimize handoff latency. Through the 802.1X pre-authentication scheme, it is possible for stations to partially authenticate through development of the pairwise master key PMK prior to association.
However, handoff process delays still occur and those delays can, in some cases, compromise the roaming capability of certain devices such as phones which require voice data. More particularly, the discovery phase, either during active or passive scanning includes a determination to find a new AP due to signal strength loss or an inability to communicate with the current AP. Probe delays incurred when a client searches for a new AP may be prohibitive to facilitate roaming of voice-type devices. Additionally, delays occur during the re-authentication stage when the station re-authenticates and re-associates to the new AP. These potential delays include computational delays for each authentication packet and for each packet requiring the generation of a cryptographic value, such as a message integrity value. Additionally, media access delays exist due to packets sent by either other NICs between the authentication packets.
Overall, therefore, fast roaming capabilities for voice applications require full pre-authentication and key management such as the 4-way handshake to minimize handoff delays. It has been established that the re-association 4-way handshake to generate the PTK is too expensive timewise and cannot be delayed until after the re-association exchange. An additional 2-way handshake after the re-association exchange for GTK delivery also does not help in minimizing roaming latency.
There is, therefore, a need for methods, systems, apparatus, and computer readable medium which provide for seamless roaming of real time devices such as phones with little or no disruption to service because of security association delays.
The method, apparatus, system, and computer readable medium described in this application solve the above problems and others.